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- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
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DETAILED ACTION 



• This action is responding to application papers dated 7/10/2000. 

• Claims 1-46 are pending. Claims 1,13, 20, 26, 28, and 40 are independent 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 



(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



1. Claims 1-46 are rejected under 35 U.S.C. 102(e) as anticipated by Scheifler et 
al. (U.S. Patent No. 6,138,238: File date is Mar. 20, 1998). 



Regarding Claims 1, 28, Scheifler discloses a method and a computer program 
product encoding a computer program of claims determining whether a requested 
permission, requested by a called code frame, is satisfied within a runtime call stack so 
as to allow the called code frame to perform a protected operation, the method 
comprising: (see Abstract) 



claims. 



Claim Rejections - 35 USC § 102 
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a) associating a permission grant object with a first code assembly in the runtime call 
stack; (see col. 4, line 63 - col. 5, line 3) 

b) creating a permission request object within the called code frame to demand the 
requested permission; (see col. 12, lines 46 - 55) 

c) demanding via the permission request object the requested permission from the 
permission grant object to allow the called code frame to perform the protected 
operation; (see col. 14, lines 41 -46) 

d) determining whether the requested permission is provided in association with the 
first code assembly by the permission grant object, responsive to the demanding 
operation; (see col. 1 1 , lines 54 - 57) 

e) and permitting execution of the called code frame to perform the protected 
operation, if the requested permission is provided in association with the first code 
assembly, (see col. 9, lines 28 - 37) 

Regarding Claims 2, 15, 21, 29, 42, Scheifler discloses the method, the runtime 
system, and the computer program product of claims wherein the called code frame is 
included within the first code assembly, (see col. 19, line 66 - col. 20, line 2) 

Regarding Claims 3, 16, 22, 30, 43, Scheifler discloses the method, the runtime 
system, and the computer program product of claims wherein the called code frame is 
included within a lower level code assembly following the first code assembly in the 
runtime call stack, (see col. 20, lines 3 - 7) 
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Regarding Claims 4, 31 , Scheifler discloses the method and the computer program 

product of claims comprising: 

associating a second permission grant object with a second code assembly loaded 
in the runtime call stack, the second code assembly preceding the first code 
assembly in the runtime call stack, (see col. 18, lines 46 - 56) 

Regarding Claims 5, 32, Scheifler discloses the method and the computer program 

product of claims, further comprising: 

determining, whether the requested permission is provided in association with the 
second code assembly by the second permission grant object, (see col. 18, lines 
57 - 65) 

Regarding Claims 6, 8. 33, 35, Scheifler discloses the method and the computer 
program product of claims wherein the operation of permitting execution of the called 
code frame comprises: 
a) asserting within the first code assembly that a permission grant object associated 
with at least one other code assembly preceding the first code assembly need not 
be evaluated to determine whether a specified permission is satisfied in 
association with the other code assembly in the runtime call stack, regardless of 
whether the specified permission is provided by the permission grant object 
associated with the other code assembly; (see col. 18, lines 4-14) 



Application/Control Number: 09/613,032 Page 5 

Art Unit: 2132 

b) and permitting execution of the called code frame to perform the protected 

operation, if the requested permission is a subset of the specified permission, (see 
col. 9, lines 28 - 33) 

Regarding Claims 7, 34, Scheifler discloses the method and the computer program 
product of claims wherein the operation of permitting execution of the called code frame 
comprises. 

a) asserting within the first code assembly that a permission grant object associated 
with at least one other code assembly preceding the first code assembly does not 
satisfy a specified permission, within the runtime call stack, regardless of whether 
the specified permission is provided by the permission grant object associated 
with the other code assembly; (see col. 16, line 66 - col. 17, line 8) 

b) and preventing execution of the called code frame to perform the protected 
operation, only if the requested permission is a subset of the specified 
permissions, (see col. 19, lines 53 - 59) 

Regarding Claims 9, 36, Scheifler discloses the method and the computer process of 
claims wherein the permission object encoded in the code assembly, and the 
corresponding permission objects encoded in the permission grant object satisfy a 
common permission interface, (see col. 20, lines 3-12) 



Regarding Claims 10, 11, 12, 17, 18, 19, 23, 24, 25, 37, 38, 39, 44, 45, 46, Scheifler 
discloses the method, the runtime system, and the computer program product of claims 
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wherein the operation of associating a first permission grant object with a first code 

assembly comprises: 

associating the first permission grant object with an individual method, class and 
module of the first code assembly, (see col. 1 1 , line 66 - col. 1 2, line 5) 

Regarding Claims 13, 40, Scheifler discloses a method determining whether a 
requested permission, requested by a called code frame, is satisfied within a runtime 
call stack so as to allow the called code frame to perform a protected operation, the 
method comprising: 

a) associating a first permission grant object with a first code assembly in the runtime 
call stack; (see col. 14, lines 6 - 12) 

b) associating a second permission grant object with a second code assembly in the 
runtime call stack; (see col. 14, lines 6-12) 

c) computing a first intersection of permissions provided by the first permission grant 
object and the second permission grant object; (see col. 14, line 62 - col. 15, line 
4) 

d) recording the first intersection of permissions to provide a cached permission 
intersection; (see col. 13, lines 31 - 55) 

e) demanding the requested permission; (see col. 14, lines 40 - 45) 

f ) and permitting execution of the called code frame if the requested permission is a 
subset of the cached permission intersection, (see col. 9 , lines 28 - 37) 
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Regarding Claims 14, 41, Scheifler discloses the method and a computer program 
product encoding a computer program of claims further comprising: 

a) associating a third permission grant object with a third code assembly in the 
runtime call stack; (see col. 14, lines 31 - 37) 

b) computing a second intersection of permissions provided by the first permission 
grant object, the second permission grant object, and the third permission grant 
object; (see col. 14, line 62 - col. 15, line 4) 

c) and recording the second intersection of permissions to provide the cached 
permission intersection, (see col. 13, lines 31 - 35) 

Regarding Claim 20, Scheifler discloses a runtime system for determining whether a 
requested permission, requested by a called code frame, is satisfied within a runtime 
call stack so as to allow the called code frame to perform a protected operation, the 
runtime system comprising: 

a) a first code assembly loaded into the runtime call stack; (see col. 14, lines 5 - 12) 

b) a first permission grant object associated with the first code assembly comprising 
one or more permissions available to the first code assembly; (see col. 14, lines 
31 - 37) 

c) and a first permission request object created by the called code frame requesting 
the requested permission from the first permission grant object, wherein the called 
code frame is permitted to execute the protected operation if the first permission 
request object determines from the permission grant object that the requested 
permission is satisfied by the first code assembly, (see col. 1 5, lines 25 - 32) 
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Regarding Claims 26, 27, Scheifler discloses a runtime system for determining 
whether a requested permission, requested by a called code frame, is satisfied within a 
runtime call stack so as to allow the called code frame to perform a protected operation, 
the runtime system comprising: 

a) a first permission grant object associated with a first code assembly in the runtime 
call stack; (see col. 14 , lines 31 - 37) 

b) a second permission grant object associated with a second code assembly in the 
runtime call stack; (see col. 14 , line 62 - col. 15 , line 4) 

c) and a cache storing an intersection of permissions provided by the first permission 
grant object and the second permission grant object, wherein execution of the 
called code frame is permitted if the requested permission is a subset of the 
cached permission intersection, (see col. 13, lines 31 - 35) 

Conclusion 
Prior Art 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. U.S. Patent No. 6, 044,467 to Gong discloses Secure Class Resolutions Loading 
and Definition 

b. U.S. Patent No. 6, 389,540 B1 to Scheifler discloses Stack based Access control 
using Code and Executor Identifiers 
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Contact Information 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kyung H Shin whose telephone number is 703-305- 
071 1 . The examiner can normally be reached on 6:30 am - 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 703-305-1830. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



KHS 



Kyung H Shin 
Patent Examiner 
Art Unit 2132 
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